Security and ITSM: A Dynamic Duo of IT

Throughout the rich history of IT, the elements of Security and IT Service Management have been front and center in our daily operations. The mission of securing and managing IT infrastructure and assets while delivering services is timeless—and will continue to be at the heart of the IT strategy and agenda for many years to come.

However, we’ve often witnessed the operations of Security and Service Management working independently, driving to the daily priorities and immediate demands of these domains. But as the world around us continues to change, as the cadence of business quickens, and as the evolution of technology advances faster than ever, we must attain a new level of cooperation and synchronization between the teams, processes, solutions, and technologies of Security and Service Management.

More than ever, we need these titans of IT working closely together to elevate the performance of IT and of the business.

Let’s review a few of the synergies possible when Security and ITSM are closely aligned.

Automation

Automation will reshape the operations of IT over the next 5 to 10 years as few other things will. In this transformation from a highly manual, brute-force IT to an automated IT, we’ll learn that single elements of IT can’t operate independently.

For example, we can’t simply automate the Change Approval process for ITSM without embedding the proper security controls. More than simply convenient, the oversight of Security is critical to ensuring we aren’t creating risk when touching the IT infrastructure. Increasingly we recognize that with the growth of global threats, virtually every action across IT must include a validation through our security practices. Extending this a bit further, we also want our automated processes to recognize governing best practices, including ITIL, Agile, and DevOps to name a few. These principles should be carefully designed into our automated workflow.

Thoughtful automation has the unique ability to change virtually everything in IT and therein change the daily profile of the business. But, automation can’t increase risk to the business.

Service Catalogs

Service catalogs are easy to love and what’s not to like? An effective catalog provides service quickly and conveniently, and it’s easy to see how IT will increasingly employ it to deliver service to both IT and the business. But, once again, we’re reminded that simple service without the appropriate security practices is no longer acceptable.

As the service catalog brings more widespread access to the assets and services of IT, the right level of security is more critical than ever. This is another case where the Service Management team must work closely with Security to ensure that IT is delivering great service quickly while managing risks to the business and not creating any additional security exposures. For example, a common service catalog request is the onboarding of a new employee. This process touches so many of our systems and includes the delivery of a laptop/desktop machine along with a company-issued mobile phone. The engagement of Security in this full process is vital.

Service catalog growth must be moderated with the right Security engagement. Nothing less will do.

Self Service

Similar to service catalogs but with a bit broader range of applications, serving ourselves is increasingly the model of IT and of the business. Self service offers the compelling profile of anywhere, anytime, fast, and easy access to IT resources and services. And of course, more often than not, what’s offered in IT today is likely to be offered to the business.

This makes perfect sense when we consider that the agenda for IT and the agenda for the business are more and more aligned, and the much sought-after partnership between IT and the business is being created before our eyes.

We’re fortunate to be part of the transformation of IT—one that yields a more proactive, more strategic IT. Of course, this doesn’t come without responsibility. A primary example of this isn’t just the engagement of Security in all self-service offerings, but also an increasingly sophisticated and agile security model that doesn’t constrain the flexibility of our self-service models—while at the same time providing world-class security for the business.

The combination of agile and scalable self service along with a best-in-class security model is truly strategic to the business.

Mobile Workforce

The mobile workforce in business today is leveraging an ever-growing number of mobile devices—ones that provide a remarkably rich set of capabilities and user-experience innovations. Perhaps this single part of the market could reflect greater advancement in terms of usability and capability than any other in technology markets over the past 10 years.

Business today benefits from the combined advancements of business-focused technology and applications, as well as from the many advancements focused on personal and consumer markets. In terms of business use, these mobile devices now access corporate resources and assets around the clock and from virtually any location.

This model isn’t temporary—the power of anywhere/anytime is here to stay. This makes sense from an agile, adaptable business standpoint but creates a significant number of new security issues. Once again, we must have the engagement of Security as new access models and business processes that leverage these mobile devices continue to grow. We naturally think in terms of the devices we know today, including smart phones and tablets. But the question quickly expands when we consider that we’re likely to see new devices arrive in the next few years that go far beyond what we know today. This is just the beginning.

There is a fine line between positive business impact and creating new business risks and exposure. We need the combined efforts of Security and ITSM to maximize the value of the growing mobile workforce.

When done correctly, the unified efforts and strategy of Security and ITSM bring the very best of these automation, service catalog, self-service, and mobile models to life. Then, in turn, we accelerate the transformation of IT into a force of innovation and speed that drives the business forward. This is the exciting future of IT, grounded in the joint operations of Security and ITSM.

Keep the faith, my friends.

Kevin J. Smith, Senior Vice President at Ivanti, spent the first 10 years of his career at the NASA Johnson Space Center. For the past 15 years, he has been with Ivanti and the former HEAT Software, working with global marketing leading IT organizations on strategy, business process design, and leveraging software solutions to help all of IT perform better. Kevin has authored two books, “The Practical Guide to World-Class IT Service Management” and “The IT Imperative.”

About Kevin J. Smith

Kevin J. Smith writes regularly for the Ivanti blog, primarily on the topic of ITSM.